The virtual training classes are 8-hour courses offered in 4-hour blocks over two days. The trainings will begin at 12:00pm AWST (UTC +8).

OWASP Members save $50 off the cost of a training course. Email events@owasp.com for your member discount code. If you are not an OWASP Member, please consider joining here.

REGISTER HERE FOR TRAINING

Tuesday, November 16
 

12:00pm AWST

Applied Data Science and Machine Learning For Cyber Security
This interactive course will teach security professionals how to use data science techniques to quickly manipulate and analyze security data. The course will cover the entire data science process from data preparation, exploratory data analysis, data visualization, machine learning, and model evaluation—all with a focus on security related problems.

Speakers
Charles Givre

GTK Cyber LLC
Charles Givre, CISSP, is the CEO and Co-Founder of DataDistillr, an early-stage, VC-backed startup dedicated to making any data easy to query and use. Prior to founding DataDistillr, Charles worked as a lead data scientist at several major financial institutions in their cyber security...


Tuesday November 16, 2021 12:00pm - Wednesday November 17, 2021 4:00pm AWST
Zoom

12:00pm AWST

Defence Against Client-Side Attacks (DACSA)
The web exploitation world is obsessed with server-side attacks; however, data now resides equally on the server and client side. Developers focus on fixing server-side vulnerabilities first due to their high-profile nature. However, client-side attacks like Cross-Site Scripting, Session Hijacking, Insecure Web Storage, Insecure Cross-Origin Resource Sharing, Insecure Cross-Document Messaging, Content-Security-Policy Misconfigurations, Man-in-the-Middle Attacks, Clickjacking, and Information Leakage are equally catastrophic. The training also discusses plenty of real-world case studies that highlight the importance of client-side security. Developers will not only exercise the vulnerabilities in a real lab environment but will also fix them themselves.

Speakers
Savan Gadhiya

NotSoSecure Global Services Limited
Savan Gadhiya is working as a Principal Security Consultant at NotSoSecure. He completed his master's in IT Systems and Network Security in 2013. He has more than 7 years of experience in IT Security and 9 years of experience in Information Technology. He is one of the members in developing...


Tuesday November 16, 2021 12:00pm - Wednesday November 17, 2021 4:00pm AWST
Zoom

12:00pm AWST

DevSecOps - Automating Security in DevOps
Modern enterprises are implementing the technical and cultural changes required to embrace DevOps methodology by introducing practices such as Continuous Integration (CI), Continuous Delivery (CD), Continuous Monitoring (CM) and Infrastructure as Code (IaC). DevSecOps extends DevOps by introducing security in each of these practices, giving a certain level of security assurance in the final product. In this training, we will demonstrate, using our state-of-the-art DevSecOps Lab, how to inject security in CI, CD, CM and IaC. Every delegate will be provided a personalized cloud setup of our DevSecOps lab for hands-on implementation of various security tools in the CI/CD/CM pipeline. Attendees will receive the DevSecOps Lab built using Vagrant and Ansible, comprising the same tools and scripts, as a takeaway. A short preview of our course is available for viewing here: https://www.youtube.com/watch?v=_iGCZ4NPDqY

Speakers
Abhijay Singh

NotSoSecure Pvt Ltd
Abhijay Singh is an information security professional working as a Senior Security Consultant at NotSoSecure, with 9+ years of corporate experience and expertise in the areas of application security, network, and vulnerability assessment. Abhijay currently holds industry recognized accreditations...


Tuesday November 16, 2021 12:00pm - Wednesday November 17, 2021 4:00pm AWST
Zoom

12:00pm AWST

Secure your SDLC using OWASP SAMM - ASAP!
Building security into the software development and management functions of a company can be a daunting task. There are many variables in the equation: company structure, different stakeholders, technology stacks, tools and processes, and competing priorities. Implementing software assurance can have a significant, positive impact on the organization. Yet, trying to achieve this without a good framework is likely to produce only marginal and unsustainable improvements. The OWASP Software Assurance Maturity Model provides a structural and measurable framework to overcome this challenge. It enables you to formulate and implement a strategy for software security that is tailored to the risk profile of your organization.

This 8-hour training - delivered as a mix of presentation, discussion, and interactive workshop - is intended for CSOs, directors, security architects, security analysts, and other application security professionals with responsibility for improving your organization's security posture. You will leave with an in-depth understanding of OWASP SAMM, pragmatic steps and tools for increased agility and compliance, and a template to kickstart your Application Security Assurance Program. Protect the confidentiality, integrity and availability of your data by implementing an application security assurance program in your organization - ASAP!

Speakers
John Ellingsworth

Security Principal, Ellingsworth
John Ellingsworth is a security principal at a global company where he helps software development teams build and deliver secure enterprise solutions. When not collaborating on secure software solutions, he can often be found outdoors with his family - and probably scaling mountains...


Tuesday November 16, 2021 12:00pm - Wednesday November 17, 2021 4:00pm AWST
Zoom

12:00pm AWST

Security for Web Developers - an Offensive Approach
Overview of Web Penetration Testing Modules
- OWASP Top Ten Web Vulnerabilities
- API Top Ten vulnerabilities
- Technical measures and best practices
- HTTP Security Headers
- JSON Web Tokens

More than 75% of the course follows a practical, hands-on approach. Attendees will get hands-on knowledge to perform hacking tasks in ethical ways, using various hacking tools, to improve the security of assets. Attack side: Kali Linux 2020.x, NMAP, Burp / OWASP ZAP, Metasploit Framework (MSF). Victim side: OWASP Resources, i.e. Damn Vulnerable Web Application (DVWA), Tomcat, as virtual machines.

Modules:
• Penetration testing overview
• Various types of web apps footprinting, footprinting tools, and countermeasures
• Ethical hacking methodology
• Web attacks: XSS, SQL Injection, Facebook phishing.
• NoSQL injection, API vulnerabilities, LFI, Brute-Force attacks, CSRF.

Speakers
Gabriel Avramescu

ituniversity.ro
I work as a penetration tester with over 8 years of experience and as a trainer with over 14 years (5 in the security field). Certifications: OSWE, OSWP, OSCP, CEH, ECSA, CHFI, ISO 27001, CREST CRT, CREST CPSA, etc. Trainer on OWASP AppSec Days - August 2020 Penetration testing customers...


Tuesday November 16, 2021 12:00pm - Wednesday November 17, 2021 4:00pm AWST
Zoom